[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
PR/38349 CVS commit: pkgsrc/mail/policyd-weight
The following reply was made to PR pkg/38349; it has been noted by GNATS.
From: Tobias Nygren <tnn%netbsd.org@localhost>
Subject: PR/38349 CVS commit: pkgsrc/mail/policyd-weight
Date: Mon, 31 Mar 2008 20:50:11 +0000 (UTC)
Module Name: pkgsrc
Committed By: tnn
Date: Mon Mar 31 20:50:11 UTC 2008
pkgsrc/mail/policyd-weight: Makefile distinfo
Maintainer update from PR pkg/38349, containing security fixes.
While here, fix a minor DESTDIR botch.
- (security) Using File::Spec->canonpath for normalization (trailing slashes)
Check ownership of real directories to avoid race attacks
for symlinks. Thanks to Robert Buchholz.
0.1.14 beta-16 (not released)
- (security) The check for symlinked directories was half complete.
perl ignores -l if the argument has a trailung slash.
Thanks to Andrej Kacian.
- (security) $LOCKPATH and its contents weren't checked for being
a symlink which. Thanks to Chris Howells and Andrej Kacian.
- (fix) "dedicated" added to the exclusion list for dialup
checks. A better approach would be to let the user
configure dialup and exclude patterns.
- (change) rbls.org link changed to robtext.com
- (change) results with 'rc:' as action are not cached
- (fix) regexp check for dynamic helo/client did hit also some
clients with "static"
- (fix) helo numeric check was too fuzzy.
- (fix) master didn't read config after policyd-weight reload
- (fix) HELO_SEEMS_DIALUP may have scored even if the IP is listed
for the sender domain.
- (fix) An interrupt of policyd-weight -s may cause a SIGPIPE
which killed the cache
- (change) Implemented $NS list. Useful for users with split
- (fix) don't cache rejections which were deferred (4xx and friends)
- (fix) helo_numeric_score didn't catch [n.n.n.n] helos
- (fix) Header was not included if $dnsbl_checks_only = 1; and
$ADD_X_HEADER = 1; - Thanks to J. Genannt
- (fix) Corrected handling of [n.n.n.n] HELOs and address-literals
as sender (long standing issue)
- (change) Introduced @dnsbl_checks_only_regexps in order to skip
DNS checks for certain client hostnames
- (change) Added -D (Don't detach) switch for daemon-tools/runit users
- (change) Added signals handlers for most of signals so that they are
at least logged, also, provide a perl backtrace.
- (change) prerequisite steps for providing coredumps (build coredump
directories, chdir) - coredumps are non-trivial:
we start as root, change uid. At this moment coredumps
are denied by kernel in order to protect root-data. The only
workaround would be, to start cache and master via system()
after changing uid
- (change) In daemon mode wrongly crafted policy requests don't lead
to a child-exit anymore, only the connection is closed
- (change) log-facilities other than 'info' are now mentioned in log-lines
- (change) SMTP information such as client, helo, sender and to are now
logged in each log-message. If $DEBUG is set this also logs
the instance variable.
- (fix) rbl_lookup used sometimes 65536 as packet id which appeared
to cause problems
- (fix) Check for syslog absence. If syslog is not available then
log temporarily to $LOCKPATH/polw-emergency.log
- (tmpfix) Introduced $TRY_BALANCE which closes connections to smtpds after
they got their response in order to avoid too many established
smtpd->policyd-weight (child) connections.
To generate a diff of this commit:
cvs rdiff -r1.2 -r1.3 pkgsrc/mail/policyd-weight/Makefile
cvs rdiff -r184.108.40.206 -r1.2 pkgsrc/mail/policyd-weight/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Main Index |
Thread Index |